(05-11-2014, 06:40 AM)JohnnyYesterday Wrote: I think that's talking about keys, not pads. Random numbers can be used for both.
Keys can be securely transmitted using quantum key distribution.
If you need multi-million-bit keys, you might be reasonably said to be Doing It Wrong. You only need that much material for one-time pads.
Asymmetric encryption algorithms that are not vulnerable to quantum computers appear to be plausible (look up multivariate polynomial encryption). Even in OA, these sorts of things would be resistant to brute force attacks by mid-level transapients without needing million-bit keys.
(05-11-2014, 06:40 AM)JohnnyYesterday Wrote: If you have a quantum secure channel, you could also transmit arbitrarily large one-time pads that could then later be used for, e.g., cellphone communication.
Quantum communication channels are not a panacea. In the absence of a dedicated fibre optic or line-of-sight optical link connecting you with each person you wish to share a key with, you are potentially vulnerable to a man-in-the-middle attack.
(05-11-2014, 09:56 AM)stevebowers Wrote: Anders mentioned this in his recent paper. The current reality of computer security is that 'the attacker always wins'; that is, no matter how good your security is, in due course someone will find a loophole, no matter how trivial. Presumably that wouldn't be true of transapientech security - unless it were attacked by a higher toposophic entity.
There comes a point at which certain kinds of security flaw become unlikely. Formally proving the soundness of an AI is probably impractical, but building a sound toolchain that is provably correct sounds like the sort of thing a hyperturing would do for its own peace of mind, if nothing else.
By the time you're dealing with hyperintelligent security agents, all hacking is effectively social engineering (or memetics, if you'd prefer) or physical intrusion into their computing substrate (which can be made impractical for most attackers).
(05-11-2014, 09:56 AM)stevebowers Wrote: Anders suggests some 'guard entities', isolated from internet connections, might be reliable enough to protect virtual sophonts and their substrates against attack. It might be a boring life, being a virtual gatekeeper, if you can't connect to the 'net.
Unless you weren't designed with any sort of capacity for boredom, of course ;-) And, y'know, some people like voyeurism.
Building a perfectly isolated security system isn't possible, of course... it needs to be able to observe the mind state or communication of its charge, and that channel represents a means of attack.